﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.


using IdentityServer4.Models;
using System.Collections.Generic;

namespace IdentityServer
{
    public static class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources =>
            new IdentityResource[]
            {
               new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResources.Email(),
            };

        public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[]
            {
                new ApiScope("api.res.ProductService"),
                new ApiScope("api.res.ClientService"),
                new ApiScope("res.ocelotIdentity")
            };

        public static IEnumerable<ApiResource> ApiResources =>
        new ApiResource[]
        {
            new ApiResource("apiRes", "api资源")
            {
                Scopes = { "api.res.ProductService", "api.res.ClientService" }
            },
            new ApiResource("identityRes","身份认证资源")
            {
                Scopes={ "res.ocelotIdentity" }
            }
            
        };

        public static IEnumerable<Client> Clients =>
            new Client[]
            {
                new Client
                {
                    ClientId = "jetydu1",
                    ClientName = "jetydu1",
                    ClientSecrets = { new Secret("jetydu".Sha256()) },
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowedScopes = { "api.res.ProductService", "api.res.ClientService","res.ocelotIdentity"},
                },

                new Client
                {
                    ClientId = "jetydu2",
                    ClientName = "jetydu3",                   
                    ClientSecrets = { new Secret("jetydu".Sha256()) },
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowedScopes = { "api.res.ProductService"},
                },

                new Client
                {
                    ClientId = "client",
                    ClientName = "Client Credentials Client",

                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets = { new Secret("secret".Sha256()) },

                    AllowedScopes = { "res.ocelotIdentity" }
                },

                // interactive client using code flow + pkce
                new Client
                {
                    ClientId = "interactive",
                    ClientSecrets = { new Secret("interactive".Sha256()) },

                    AllowedGrantTypes = GrantTypes.Code,

                    RedirectUris = { "https://localhost:44300/signin-oidc" },
                    FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                    PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                    AllowOfflineAccess = true,
                    AllowedScopes = { "api.res.ProductService", "api.res.ClientService" }
                },
            };
    }
}